How to get .Net server logs on Amplify?



I'm having a very hard time getting my Blazor project to output server logs when it's hosted on Amplify. I am rather new to AWS, so perhaps I missed something important, but I looked everywhere and can't find the right solutions.

  • My project is a blazor web assembly app with a server.
  • Recently the server started returning 404 errors with every API call, so I wanted to check my server logs. I would have expected it to be as easy as locating the log file and reading it, but I came to understand all logs go to CloudWatch instead, and that it's far from being automatic.
  • Further investigation suggests CloudWatch won't receive logs from the .Net ILogger without using the aws-logging-dotnet package. I followed the steps, and managed to get my application to correctly output to CloudWatch - but this only works when running the app locally, not when it's hosted on Amplify.
  • There could be a permissions issue with Amplify in order for it to output logs to CloudWatch. I wasn't able to identify which role Amplify is supposed to be using to access AWS services, other than perhaps it's automatic and doesn't require setting up a role. Some documentation suggested giving Amplify a service role with the required CloudWatch log permissions (create stream, create group, push logs, describe groups), but that hasn't helped.
  • When my local app server starts, CloudTrail shows when my app creates a log stream. But this never happens with the Amplify-hosted app server. It doesn't show anything. Would it show if my app attempted to create a log stream, but was denied access?

What else could I try to identify the problem?

1 Answer

Hi Michael,

  1. Integrate the AWS logging package into your .NET server application by adding AWS.Logger.AspNetCore from the repository to enable CloudWatch logging.
  2. Configure CloudWatch logging in your application's appsettings.json or programmatically, as outlined in the repository's documentation.
  3. Ensure IAM roles for the AWS service hosting your .NET application (such as Lambda or EC2) include CloudWatch log permissions (logs:CreateLogStream, logs:PutLogEvents).
  4. Verify configurations if logs are missing in CloudWatch, and utilize CloudTrail for any IAM permission issues.

If didn't work, I'm here to help.

profile picture
answered 2 months ago
profile picture
reviewed 2 months ago
  • Thank you for this answer. I've done 1 and 2, and I believe this configuration is correct since I am able to view logs in CloudWatch when I run locally.

    But I don't get any logs when my app is hosted on Amplify. It's unclear whether Amplify automatically has all permissions to write logs by default, or if there's a role I should modify. Perhaps I should ask another question more targeted at Amplify.

    CloudTrail doesn't show any attempt to write the logs.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions